rooty/yubico-pam
1
0
Fork 0
mirror of https://github.com/Yubico/yubico-pam.git synced 2025-02-20 21:54:16 +01:00
Code Issues Projects Releases Wiki Activity

Merge branch 'mikemn-master'

Browse Source
This commit is contained in:
Klas Lindfors 2015-11-16 09:09:04 +01:00
commit 19631c2efc
3 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README
View File

@ -188,6 +188,12 @@ specify the path where X509 certificates are stored. This is
required if 'https' or 'ldaps' are used in 'url' and 'ldap_uri'
respectively.
proxy::
specify a proxy to connect to the validation server. Valid schemes are
socks4://, socks4a://, socks5:// or socks5h://. Socks5h asks the proxy
to do the dns resolving. If no scheme or port is specified HTTP proxy
port 1080 will be used.
verbose_otp::
This argument is used to show the OTP (One-Time Password) when it
is entered, i.e. to enable terminal echo of entered characters.

3
pam_yubico.8.txt
View File

@ -50,6 +50,9 @@ This option should not be used, please use the urllist option instead. Set the
*capath*=_path_::
Specify the path where X509 certificates are stored. This is required if 'https' or 'ldaps' are used in 'url' and 'ldap_uri' respectively.
*proxy*=_proxy_::
Specify a proxy to connect to the validation server. Valid schemes are socks4://, socks4a://, socks5:// or socks5h://. Socks5h asks the proxy to do the dns resolving. If no scheme or port is specified HTTP proxy port 1080 will be used. E.g. socks5h://user:pass@10.10.0.1:1080
*verbose_otp*::
This argument is used to show the OTP (One Time Password) when it is entered, i.e. to enable terminal echo of entered characters. You are advised to not use this, if you are using two factor authentication because that will display your password on the screen. This requires the service using the PAM module to display custom fields. For example, OpenSSH requires you to configure "ChallengeResponseAuthentication no".

7
pam_yubico.c
View File

@ -111,6 +111,7 @@ struct cfg
const char *auth_file;
const char *capath;
const char *cainfo;
const char *proxy;
const char *url;
const char *urllist;
const char *ldapserver;
@ -710,6 +711,8 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
cfg->capath = argv[i] + 7;
if (strncmp (argv[i], "cainfo=", 7) == 0)
cfg->cainfo = argv[i] + 7;
if (strncmp (argv[i], "proxy=", 6) == 0)
cfg->proxy = argv[i] + 6;
if (strncmp (argv[i], "url=", 4) == 0)
cfg->url = argv[i] + 4;
if (strncmp (argv[i], "urllist=", 8) == 0)
@ -772,6 +775,7 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
D (("urllist=%s", cfg->urllist ? cfg->urllist : "(null)"));
D (("capath=%s", cfg->capath ? cfg->capath : "(null)"));
D (("cainfo=%s", cfg->cainfo ? cfg->cainfo : "(null)"));
D (("proxy=%s", cfg->proxy ? cfg->proxy : "(null)"));
D (("token_id_length=%d", cfg->token_id_length));
D (("mode=%s", cfg->mode == CLIENT ? "client" : "chresp" ));
D (("chalresp_path=%s", cfg->chalresp_path ? cfg->chalresp_path : "(null)"));
@ -883,6 +887,9 @@ pam_sm_authenticate (pam_handle_t * pamh,
if (cfg->cainfo)
ykclient_set_ca_info (ykc, cfg->cainfo);
if (cfg->proxy)
ykclient_set_proxy (ykc, cfg->proxy);
if (cfg->url)
{
rc = ykclient_set_url_template (ykc, cfg->url);